<?php
// written by: Marcos Resendiz

// Start (or resume) the session first: this is the file's first statement,
// so nothing has been sent to the client yet.
session_start();

// Shared helpers (checkLogin, writeHeader, sqlConnect, sqlQuery, ... are not
// defined in this file; presumably they come from these includes).
require_once('php_includes.php');
require_once('time_functions.php');

// Gate the page on an authenticated session.
// NOTE(review): no return value is checked here, so checkLogin() must stop
// the request itself (redirect + exit) for visitors who are not logged in.
checkLogin();
?>  

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Payroll and Timesheet Management Website</title>
    <link rel="stylesheet" type="text/css" href="styles.css"/>
  </head>
  <body>
	<?php /* Emits the shared page header; writeHeader() is defined outside this file (presumably in php_includes.php). */ writeHeader(); ?>
	<p>
	<span class="pageheader">Search Results</span><br/></p>
	
	<p>
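<?php
/*
 * Search results page body.
 *
 * With a posted `searchType` the page runs one of six employee searches and
 * prints the matches; without it, it lists the employees of the logged-in
 * manager.
 *
 * Changes compared with the previous version of this block:
 *  - Every request/session value placed in SQL is escaped first. The old code
 *    interpolated $_POST['query'] (and the names parsed from it) directly
 *    into the statements.
 *  - Every value written into the page (the echoed search term and all
 *    database columns) is HTML-escaped, and the hidden empID attribute is
 *    quoted.
 *  - The column name in the WHERE clause is a literal per case instead of the
 *    posted searchType, and the switch compares plain strings. The old
 *    `switch ($method): case ($method=='X'):` compared $method against a
 *    boolean, so an empty searchType fell into the name search.
 *  - Department/Team searches printed the table header only when exactly one
 *    row matched; the header is now printed whenever there are rows.
 *  - The manager listing bailed out with "no employees" whenever the first
 *    fetched row was the manager's own record; it now skips that record and
 *    only reports "no employees" when nothing else is left.
 *  - The result table is closed, header rows always open with <tr>, and the
 *    not-found check no longer reads an undefined variable.
 *
 * NOTE(review): the page uses the ext/mysql API (mysql_*), which was removed
 * in PHP 7. Moving to prepared statements (mysqli/PDO) needs changes in
 * sqlConnect()/sqlQuery(), which are not part of this file; until then
 * escaping is the available mitigation.
 * NOTE(review): the ID column is hidden from non-managers, but the same ID is
 * still sent to every user in the hidden `empID` field. employee.php has to
 * authorise the posted empID itself; this page does not protect it.
 */

/**
 * HTML-escape a value for element content or a quoted attribute.
 * The charset is left at the PHP default; pass the page charset explicitly
 * once it is known.
 */
function searchResultsHtml($value)
{
	return htmlspecialchars((string) $value, ENT_QUOTES);
}

/**
 * Escape a value for use inside a quoted SQL string literal.
 * NOTE(review): assumes sqlConnect() opened the ext/mysql link that
 * sqlQuery() uses - confirm in php_includes.php. LIKE wildcards (% and _)
 * typed by the user are not neutralised; they only widen the match.
 */
function searchResultsSql($value)
{
	return mysql_real_escape_string((string) $value);
}

/** Read every row of a sqlQuery() result into an array. */
function searchResultsFetchAll($result)
{
	$rows = array();
	while ($row = mysql_fetch_array($result)) {
		$rows[] = $row;
	}
	return $rows;
}

/**
 * Run the name search used by the EmployeeFName and ManagerName cases.
 *
 * The term is split into at most two whitespace-separated words. One word is
 * matched against first OR last name; two words are matched as first AND last
 * name. Returns array($rows, $hadTwoWords).
 */
function searchResultsByName($query)
{
	$first = null;
	$last = null;
	sscanf($query, '%s %s', $first, $last);

	$safeFirst = searchResultsSql($first);
	$hadTwoWords = !($last === null || $last === '');

	if ($hadTwoWords) {
		$safeLast = searchResultsSql($last);
		$sql = "SELECT * FROM Employee WHERE EmployeeFName like '%$safeFirst%' AND EmployeeLName like '%$safeLast%'";
	} else {
		$sql = "SELECT * FROM Employee WHERE EmployeeFName like '%$safeFirst%' OR EmployeeLName like '%$safeFirst%'";
	}

	return array(searchResultsFetchAll(sqlQuery($sql)), $hadTwoWords);
}

/** Open the result table; the ID column is only shown when $showId is true. */
function searchResultsHeader($showId)
{
	echo "<table class='full'>";
	echo "<tr><th></th>";
	if ($showId) {
		echo "<th>ID</th>";
	}
	echo "<th>Employee Name</th><th>Title</th><th>Team</th><th>Department</th></tr>";
}

/** Print one employee row with its "View" form (posts empID to employee.php). */
function searchResultsRow($row, $showId)
{
	$id = searchResultsHtml($row['EmployeeID']);
	$name = searchResultsHtml($row['EmployeeFName'] . ' ' . $row['EmployeeLName']);
	$title = searchResultsHtml($row['EmployeeTitle']);
	$team = searchResultsHtml($row['EmployeeTeam']);
	$dept = searchResultsHtml($row['EmployeeDepart']);

	echo "<tr><td class='view'><form action='employee.php' method='post'><div>";
	echo "<input type='hidden' name='empID' value='{$id}'></input>";
	echo "<input type='submit' value='View' class='button' /></div></form></td>";
	if ($showId) {
		echo "<td name='userID' class='id'>{$id}</td>";
	}
	echo "<td name='userName' class='record'>{$name}  </td>";
	echo "<td name='userTitle' class='record'>{$title}</td><td name='userTeam' class='record'>{$team}</td>";
	echo "<td name='userDept' class='record'>{$dept}</td></tr>";
}

/** Print the "no record" message with a back link and stop the request. */
function searchResultsNotFound()
{
	print("<span class=\"error_cnt\"> No Record Found</span>");
	exit('<p> Click <a href="search.php">here</a> to go back.</p>');
}

// Establish the database connection.
sqlConnect();

// Request input. Non-string values (e.g. arrays posted as query[]) are
// treated as missing instead of being interpolated.
$hasSearch = isset($_POST['searchType']);
$method = ($hasSearch && is_string($_POST['searchType'])) ? $_POST['searchType'] : '';
$query = (isset($_POST['query']) && is_string($_POST['query'])) ? $_POST['query'] : '';

if ($hasSearch)
{
	// A user counts as a manager when their own ManagerID equals their ID;
	// only managers get the ID column.
	$userId = $_SESSION['tmsUserID'];
	$sqlresult = sqlQuery("select ManagerID from Employee where EmployeeID = '" . searchResultsSql($userId) . "'");
	$isManager = ($userId == mysql_result($sqlresult, 0, 0));

	$shownQuery = searchResultsHtml($query); // for echoing back into the page
	$safeQuery = searchResultsSql($query);   // for quoted SQL literals

	switch ($method)
	{
		// Search by employee name.
		case 'EmployeeFName':
			if (empty($query))
			{
				exit("Please fill in a name of an employee you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}
			echo "<i>Your search for {$shownQuery} had the following results:</i>";

			list($rows, $hadTwoWords) = searchResultsByName($query);
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				// NOTE(review): the original comment says managers' and hidden
				// employees are not displayed, but with `||` a row is only
				// suppressed when it is BOTH managed by the current user AND
				// hidden. Hidden employees of other managers are shown.
				// Condition kept as it was - confirm the intended rule.
				if ($row['ManagerID'] != $userId || $row['EmployeeHide'] != '1')
				{
					searchResultsRow($row, $isManager);
				}
				elseif ($hadTwoWords)
				{
					// Only the first+last name search printed this message.
					echo "You are Searching Yourself";
				}
			}
			echo "</table>";
			break;

		// Search by employee ID.
		case 'EmployeeID':
			if (empty($query))
			{
				exit("Please fill in the Employee ID you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}

			$rows = searchResultsFetchAll(sqlQuery("SELECT * FROM Employee WHERE EmployeeID = '$safeQuery'"));
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				if ($row['EmployeeHide'] != '1')
				{
					searchResultsRow($row, $isManager);
				}
				else
				{
					echo "<span class=\"error_cnt\"> Can't view Employee</span>";
				}
			}
			echo "</table>";
			break;

		// Search by department.
		case 'EmployeeDepart':
			if (empty($query))
			{
				exit("Please Fill in the Department you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}
			echo "<i>Your search for {$shownQuery} had the following results:</i>";

			$rows = searchResultsFetchAll(sqlQuery("SELECT * FROM Employee WHERE EmployeeDepart = '$safeQuery'"));
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				// This case shows a row only when the hide flag is exactly '0'.
				if ($row['EmployeeHide'] == '0')
				{
					searchResultsRow($row, $isManager);
				}
				else
				{
					echo "<font color='red'> Can't view Employee</font>";
				}
			}
			echo "</table>";
			break;

		// Search by team.
		case 'EmployeeTeam':
			if (empty($query))
			{
				exit("Please Fill in the Team you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}
			echo "<i>Your search for {$shownQuery} had the following results:</i>";

			$rows = searchResultsFetchAll(sqlQuery("SELECT * FROM Employee WHERE EmployeeTeam = '$safeQuery'"));
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				if ($row['EmployeeHide'] != '1')
				{
					searchResultsRow($row, $isManager);
				}
				else
				{
					echo "<font color='red'> Can't view Employee</font>";
				}
			}
			echo "</table>";
			break;

		// Search by manager ID.
		case 'ManagerID':
			if (empty($query))
			{
				exit("Please Fill in the Manager ID you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}
			echo "<i>Your search for {$shownQuery} had the following results:</i>";

			$rows = searchResultsFetchAll(sqlQuery("SELECT * FROM Employee WHERE ManagerID = '$safeQuery'"));
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				// Only the manager's own record (EmployeeID equals ManagerID)
				// is listed, and only when it is not hidden.
				if ($row['EmployeeID'] == $row['ManagerID'] && $row['EmployeeHide'] != '1')
				{
					searchResultsRow($row, $isManager);
				}
			}
			echo "</table>";
			break;

		// Search by manager name.
		case 'ManagerName':
			if (empty($query))
			{
				exit("Please Fill in the Manager Name you want to search. Click <a href=\"search.php\">here</a> to go back.</p>");
			}

			list($rows, $hadTwoWords) = searchResultsByName($query);
			if (count($rows) === 0)
			{
				searchResultsNotFound();
			}

			searchResultsHeader($isManager);
			foreach ($rows as $row)
			{
				// Same rule as the ManagerID search: managers only, not hidden.
				if ($row['EmployeeID'] == $row['ManagerID'] && $row['EmployeeHide'] != '1')
				{
					searchResultsRow($row, $isManager);
				}
			}
			echo "</table>";
			break;
	}
}
else
{
	// No search posted: list the employees of the logged-in manager.
	checkManager();

	$managerId = searchResultsSql($_SESSION['tmsUserID']);
	$QueryResult = sqlQuery("SELECT * FROM Employee WHERE ManagerID = '$managerId'");

	// Columns are read by position, as before (0 = ID, 3/4 = first/last name,
	// 5 = title, 7 = department, 8 = team) - this depends on the column order
	// of the Employee table, which is not visible here.
	// The original also read $Row[15] (hide flag) but never used it, so hidden
	// employees are still listed for their own manager.
	$headerPrinted = false;
	while ($Row = mysql_fetch_row($QueryResult))
	{
		// Skip the manager's own record.
		if ($_SESSION['tmsUserID'] == $Row[0])
		{
			continue;
		}
		if (!$headerPrinted)
		{
			searchResultsHeader(true);
			$headerPrinted = true;
		}

		$id = searchResultsHtml($Row[0]);
		$name = searchResultsHtml($Row[3] . ' ' . $Row[4]);
		$title = searchResultsHtml($Row[5]);
		$team = searchResultsHtml($Row[8]);
		$dept = searchResultsHtml($Row[7]);

		echo "<tr><td class='view'><form action='employee.php' method='post'><div>";
		echo "<input type='hidden' name='empID' value='{$id}'></input>";
		echo "<input type='submit' value='View' class='button' /></div></form></td>";
		echo "<td name='userID' class='id'>{$id}</td><td name='userName' class='record'>{$name}</td>";
		echo "<td name='userTitle' class='record'>{$title}</td><td name='userTeam' class='record'>{$team}</td>";
		echo "<td name='userDepartment' class='record'>{$dept}</td></tr>";
	}

	if (!$headerPrinted)
	{
		exit("You do not have any current Employees");
	}
	echo "</table>";
}

?>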
</p>
  </body>
</html>